1 / 25

[3ICT1] Security - Cryptography -

Cryptography. OverviewQuick History, Fundamentals, Threats

moe
Download Presentation

[3ICT1] Security - Cryptography -

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    1. [3ICT1] Security - Cryptography - Karl Quinn

    2. Cryptography Overview Quick History, Fundamentals, Threats & Attacks. Cryptographic Algorithms Symmetric Asymmetric Cryptographic Ciphers Cipher Block Chaining Stream Cipher Cryptographic Attacks Brute Force Chosen Plaintext Man-in-the-middle

    3. Cryptography History Ancient History Polybios; ‘Polybios square’ Ceasar; simple ‘shifting’ substitution. More Current Pre-WWII Scherbius; ‘Enigma Machine’ 1970’s Feistel; ‘Feistel Cipher’s’ (Pre-cursor to DES, 3DES) Rivest, Shamir, and Adleman; ‘RSA’ WWW - Age Schneider’s ‘Applied Cryptography’ Published algorithms w/ source code.

    4. Fundamentals Why use cryptography… Confidentiality …msg contents remain secret. Integrity …msg contents not tampered/altered/etc. Authentication …msg recipient/sender is who they states they are.

    5. Threats & Methods of Attacks Security Threats Leakage; unauthorised acquisitions. Tampering; unauthorised alterations. Vandalism; interference without gain. Methods of Attack Eavesdropping; Acquiring msg w/out authority. Masquerading; fraudulent use of identity for comm’s. Message Tampering; intercept, alter, and resend. Replaying; storing msg’s and resending later. Denial of Service; flood a channel to deny legitimate access.

    6. Cryptographic Key Two main approaches for successful encryption, with a hybrid third option. (1) Shared Key Encryption [Symmetric] Sender and recipient share knowledge of a secret key that is used to encrypt plaintext messages as cipher-text. (2) Public/Private Key Encryption [Asymmetric] Sender uses the recipients ‘public key’ to encrypt plaintext messages, which are then decrypted by the recipient using the corresponding ‘private key’. (3) Hybrid Public/Private w/ Shared Distribute shared via public/private key.

    7. Cryptographic Terminology #1 Protagonists in security protocols Alice; First participant Bob; Second participant Carol; participant in 3 or 4 party Dave; participant in 4 party Eve; eavesdropper Mallory; Malicious attacker Sara; A server

    8. Cryptographic Terminology #1 Cryptographic Notation KA : Alice’s Secret Key. KB : Bob’s Secret Key. KAB : Shared Key between Alice and Bob. KApriv : Alice’s Private Key KApub :Alice’s Public Key {M}K : Message M encrypted with key K [M]K : Message M signed with key K

    9. Shared Key Encryption Communications between Alice and Bob using the shared key KAB (1) Alice uses KAB and the encryption function E(KAB,M) to encrypt messages for Bob. (2) Bob decrypts the cipher text using D(KAB, {M}K).

    10. Shared Key Encryption Problems with previous example; (1) How can Alice send the secret key to Bob securely? (2) How can Bob know that the messages contents weren’t tampered with? (3) How does Bob know that a message hasn’t just been replayed?

    11. Shared Key Examples Tiny Encryption Algorithm (TEA) Simple, 128-bit key. Uses rounds of integer addition, XOR, and bitwise logical shifts to achieve plaintext diffusion and confusion. Void encrypt(unsigned long k[], unsigned long text[]){ unsigned long y = text[0], z = text[1]; unsigned long delta = 0x9e3779b9, sum = 0; int n; for(n = 0; n < 32; n++){ sum+=delta; y += ((z<<4)+k[0])^(z+sum)^((z>>5)+k[1]); z += ((y<<4)+k[2])^(y+sum)^((y>>5)+k[3]); } text[0] = y; text[1] = z; }

    12. Shared Key Examples Data Encryption Standard (DES) US encryption standard for years, 56-bit-key. Triple-DES (3DES) applies DES three times with two keys. Therefore, 112-bit key. International Data Encryption Algorithm (IDEA) All round option, successor to DES. 128-bit key. Encrypts/Decrypts ~3 times faster than DES. Advanced Encryption Standard (AES) Widely used symmetric encryption algorithm. AKA ‘Rijndael’, AES is fast, relatively easy to implement, and requires little memory.

    13. Public Key Encryption Communications between Alice and Bob using Bob’s Public key KBpub (1) Alice uses KBpub to encrypt message M, E(KBpub, M). (2) Bob receives the encrypted message and decrypts its contents using KBpriv. D(KBpriv, {M}K ).

    14. Public Key Encryption Problems with previous example? (1) How/Where does Alice get Bob’s public key? (2) Can require 100 to 1000 times more processing power than shared key encryption.

    15. Public Key Examples. Rivest, Shamir, Adelman (RSA) Uses ‘trap-door functions’, which is a one way function with a secret exit… it is easy to compute in one direction but infeasible to compute the inverse unless secret is known. To find a key pair ‘e’, ‘d’… Choose 2 large prime numbers P and Q to form N = P x Q Z = (P-1) x (Q-1) For d, chose any number relatively prime with Z. To find e, solve e x d = 1 mod Z. Function to encrypt; Me mod N. E(KE, M) = {M}K Function to decrypt; Cd mod N. D(KD, {M}K) = M

    16. Public Key Examples. RSA with workable numbers… (1) Let P = 13, and Q = 17, Using N = P x Q, N = 221 Z = (P-1) x (Q-1), Z = 192. (2) Chose d = 5. Solving e x d = 1 mod 192 = 1, 193, 385, … 385 is divisible by d, Therefore, e = 385/5 = 77. Function to encrypt; M77 mod 221. Function to decrypt; C5 mod 221.

    17. Public Key Examples Elliptical Curve Cryptography Public Key not shared. Generates key through the properties of elliptic curve equations not based on difficulties associated with factoring large numbers. Shorter keys are secure. Lower processing overhead than RSA.

    18. Hybrid Key Encryption In e-commerce public key security needs no secure key distribution mechanism. Public key encryption as a large computational overhead in relation to shared key encryption. Therefore, one can use public key encryption to authenticate a party and to also encrypt secret keys for secure distribution. This securely distributed secret key is then used for all subsequent transaction. See SSL.

    19. Cryptographic Ciphers Block Ciphers Most encryption algorithms work with fixed sized blocks of data, 64-bits is popular. A message is divided into 64-bit blocks w/ padding on the last block if necessary. Each block is encrypted independently. Simple block cipher can allow pattern recognition between the ciphertext and plaintext. Integrity of message is not guaranteed. Cipher Block Chaining overcomes above weaknesses.

    20. Cryptographic Ciphers Plaintext blocks Ciphertext blocks

    21. Cryptographic Ciphers plaintext stream

    22. Confusion and Diffusion Shannon’s principle of confusion and diffusion conceals content of ciphertext. (1) Confusion XOR and circular shifting to combine plaintext blocks with a key to produce pattern that obscures the relationship between encrypted and unencrypted blocks. (2) Diffusion Dissipates repetition patterns and redundancy that are found in plaintext. Unavailable to stream ciphers as they don’t use blocks.

    23. Cryptographic Attacks Brute Force Attack Try every possible mathematical value of K in computing E(K, M) until result matches {M}K. Chosen Plaintext Attack Try to guess ciphertext by using a public key to encrypt known plaintext and hope they match. Man-in-the-middle Mallory positioned between Alice and Bob, and substitutes a known shared key.

    24. Summary Summary of main concepts (1) Cryptographic Algorithms Symmetric Asymmetric (2) Cryptographic Ciphers Cipher Block Chaining Stream Cipher (3) Cryptographic Attacks Brute Force Chosen Plaintext Man-in-the-middle

    25. Reference Coukouris, G., Dollimore, J., Kindberg, T., ‘Distributed Systems, Concepts and Designs’, Addison-Wesley, Third Edition, 2001.

More Related